
CVE-2025-60800: n/a

Published: Tue Oct 28 2025 (10/28/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

Incorrect access control in the /jshERP-boot/user/info interface of jshERP up to commit 90c411a allows attackers to access sensitive information via a crafted GET request.

AI-Powered Analysis

AI analysis last updated: 10/28/2025, 17:47:29 UTC

Technical Analysis

CVE-2025-60800 identifies an incorrect access control vulnerability in the jshERP software, specifically in the /jshERP-boot/user/info interface. This vulnerability allows an attacker to bypass authentication mechanisms and access sensitive user information by sending a specially crafted GET request. The flaw exists in all versions of jshERP up to commit 90c411a. The vulnerability arises from insufficient validation of user privileges on the endpoint, enabling unauthorized data retrieval. No authentication or user interaction is required, which significantly lowers the barrier for exploitation. Although there are no known exploits in the wild at the time of publication, the vulnerability poses a serious risk to confidentiality, as sensitive user data could be exposed to unauthorized parties. The absence of a CVSS score complicates severity assessment, but the nature of the flaw suggests a high impact due to potential data leakage. The vulnerability affects organizations using jshERP, which is an ERP solution commonly deployed in small to medium enterprises and some public sector entities. The lack of available patches at the time of reporting means organizations must rely on interim controls such as network segmentation, access restrictions, and monitoring to mitigate risk. Once patches or updates are released, prompt application is critical to prevent exploitation.

Potential Impact

The primary impact of CVE-2025-60800 is unauthorized disclosure of sensitive user information, which compromises confidentiality. For European organizations, this could lead to exposure of personal data protected under GDPR, resulting in regulatory penalties and reputational damage. The vulnerability could be exploited by external attackers or malicious insiders to gain insights into user accounts or system configurations, potentially facilitating further attacks. Since no authentication is required, the attack surface is broad, increasing the likelihood of exploitation if the endpoint is exposed externally. The integrity and availability of systems are not directly affected, but the breach of confidentiality alone can have severe consequences, including loss of customer trust and competitive disadvantage. Organizations in sectors handling sensitive personal or financial data are particularly vulnerable. Additionally, the lack of known exploits suggests a window of opportunity for defenders to act before widespread attacks occur.

Mitigation Recommendations

1. Immediately restrict access to the /jshERP-boot/user/info endpoint by implementing network-level controls such as firewalls or VPNs, limiting access to trusted internal IP addresses only.
2. Monitor access logs for unusual or unauthorized GET requests targeting the vulnerable endpoint to detect potential exploitation attempts early.
3. Employ Web Application Firewalls (WAFs) with custom rules to block suspicious requests that attempt to access sensitive user information without proper authentication.
4. Coordinate with the jshERP vendor or community to obtain and apply patches or updates addressing the vulnerability as soon as they become available.
5. Conduct thorough vulnerability scans and penetration tests focusing on access control weaknesses in ERP systems to identify similar issues.
6. Educate IT and security teams about this vulnerability to ensure rapid response and remediation.
7. Consider implementing additional authentication or authorization checks at the application layer as a temporary mitigation if patching is delayed.
8. Review and enforce strict data minimization and access policies within jshERP to limit sensitive data exposure.
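The following script is an added example illustrating mitigation steps 1 and 2 together; it is not part of the original advisory and not code from the jshERP project. It assumes the ERP sits behind a reverse proxy that writes Nginx "combined" access logs, and that the trusted source ranges are the internal networks listed in TRUSTED_NETWORKS (both assumptions, adjust to your environment). It reports GET requests to /jshERP-boot/user/info that were answered with a 2xx status for a client outside the trusted ranges, which is the combination that indicates the network control was bypassed and data was actually returned. The sample log lines are constructed for the demonstration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample access-log lines (Nginx "combined" format) from a
# reverse proxy in front of a hypothetical jshERP instance. Not real logs.
SAMPLE_LOG = """\
10.0.1.15 - - [28/Oct/2025:10:01:02 +0000] "GET /jshERP-boot/user/info HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [28/Oct/2025:10:02:10 +0000] "GET /jshERP-boot/user/info?id=1 HTTP/1.1" 200 498 "-" "curl/8.4.0"
203.0.113.7 - - [28/Oct/2025:10:02:11 +0000] "GET /jshERP-boot/user/info?id=2 HTTP/1.1" 200 501 "-" "curl/8.4.0"
10.0.1.22 - - [28/Oct/2025:10:03:00 +0000] "GET /jshERP-boot/depot/list HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.4 - - [28/Oct/2025:10:04:30 +0000] "GET /jshERP-boot/user/info HTTP/1.1" 403 0 "-" "python-requests/2.31"
"""

# Assumption: the ERP is only meant to be reached from these internal ranges.
TRUSTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8"),
                    ipaddress.ip_network("192.168.0.0/16")]

# Endpoint named in the CVE description.
VULNERABLE_PATH = "/jshERP-boot/user/info"

# Regex for the "combined" log layout: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse_line(line):
    """Return a dict with ip, ts, method, path, status; None if the line does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # Drop the query string so "/user/info?id=1" still matches the endpoint.
    rec["path"] = rec.pop("target").split("?", 1)[0]
    rec["status"] = int(rec["status"])
    return rec


def is_trusted(ip, trusted=TRUSTED_NETWORKS):
    """True if the client address falls inside one of the trusted ranges."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in trusted)


def find_suspicious(log_text, trusted=TRUSTED_NETWORKS):
    """Successful (2xx) GETs to the vulnerable endpoint from untrusted clients.

    A 401/403 answered to an untrusted client means the perimeter control
    worked, so it is not reported; a 2xx means data was actually returned.
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["method"] != "GET" or rec["path"] != VULNERABLE_PATH:
            continue
        if is_trusted(rec["ip"], trusted):
            continue
        if 200 <= rec["status"] < 300:
            hits.append(rec)
    return hits


def summarize_by_source(hits):
    """Count successful untrusted hits per client IP, most active first."""
    return Counter(h["ip"] for h in hits).most_common()


if __name__ == "__main__":
    findings = find_suspicious(SAMPLE_LOG)
    for h in findings:
        print(f'{h["ts"]} {h["ip"]} GET {h["path"]} -> {h["status"]}')
    print(summarize_by_source(findings))
```

Feed it the proxy's access log instead of SAMPLE_LOG to run it against real traffic; a single untrusted 2xx hit is worth an alert on its own, and the per-source summary helps spot enumeration runs of the kind the second and third sample lines illustrate.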


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-09-26T00:00:00.000Z
CVSS Version: null
State: PUBLISHED

Threat ID: 6900ffacc2498ce55d2bf488

Added to database: 10/28/2025, 5:38:52 PM

Last enriched: 10/28/2025, 5:47:29 PM

Last updated: 10/29/2025, 6:34:26 AM

